Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu,  4 Aug 2016 01:02:41 -0400 (EDT)
From: cve-assign@...re.org
To: zhangkaixiang@....cn
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> I found a vulnerability in docker of the latest version which could
> cause a Denial of Service, it results in a machine could not join the
> swarm cluster after another node's repeatedly joining and quitting the
> swarm for many times (taking my testing as example, it should need at
> least one thousand times). Moreover, the docker debugging info
> indicates the Dispatcher is stopped and ca server may exited
> sometimes.
> 
> Login machine A1 and join the swarm ,and then quitted the swarm.
> 
> Login machine A2, repeatedly join and quit the swarm for 1000 times.
> 
> After finishing that, Login machine A1 again and attempt to join the swarm, it failed.
> 
> Error response from daemon: Timeout was reached before node was
> joined. Attempt to join the cluster will continue in the background.
> Use "docker info" command to see the current swarm status of your
> node.
> 
> level=error
> msg="failed to remove node"
> 
> level=error
> msg="session failed"
> error="rpc error: ... context canceled"
> 
> level=debug
> msg="heartbeat expiration"
> 
> level=error
> msg="failed deregistering node after heartbeat expiration"
> error="... dispatcher is stopped"

Use CVE-2016-6595.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXossBAAoJEHb/MwWLVhi2FJ8QALlp1bYssp66abNelRpjiQXl
ylHYSBTYhSMIpguerzlQv88l+O13uLfLtsC/fHPqb9+/cDG1icNHIjKuussr4HeQ
hy3DRSn0D+63XXXHjRG5hvpBP3Sf8irAz3lnwaEHj01hlILsAbAV0CuTP2+lBz3X
QtIojkBnHUUz/glGCT8VMavS85MakRwM7CV2upLJZptHaOiQlR8pa06FOBCBzWjJ
TsxdIFgnlEWomN0Lsf+IKD5uc6n+kmZzmyBNR9hHDCkTNJLRgMEvqVmK1nqVgQPS
jzvdrZSKF+BxQfPmONgrvSfQpSlEbJ4GFTYN0qeHqpt8SRJLJ0Uuy1ukzd+j6S8G
oTuA1fAJsZFwsku40usqv3lbeBGWMmxj4ORKNXZkqUZLOVwXN+p6xbDDC8Qm/p/O
EEF124dGsxSvlcoAGpOqjAHkzB+vrCBsi0kMlsPTb6zKRZSX7ql9jaG6riFJ4H0E
nKooj0RQRZGo2V1Z1NQDc4dMQtQ4HrRHKpDKp5snMdafbwR2DxAD2Kh862JYo2Pp
3kmaQ/4X4oq3BFy9zwsAV3PZvBZJjerlk2MLxPktaQNSqKduriG9z9DxhPraQWaP
kzml/+CylX7EEkV0hm+AZjt1+CMfxHAUQkvvRxi0NyhGLjqfIURI17CesCVNTYOS
ww56x94Z2M9fplQcqRQK
=Wgqx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ